CVE-2023-36661

Related Files

Ivanti Connect Secure Unauthenticated Remote Code Execution

Posted Feb 21, 2024

Authored by sfewer-r7 | Site metasploit.com

This Metasploit module chains a server side request forgery (SSRF) vulnerability (CVE-2024-21893) and a command injection vulnerability (CVE-2024-21887) to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x are vulnerable, prior to the vendor patch released on Feb 1, 2024. It is unknown if unsupported versions 8.x and below are also vulnerable.

tags | exploit, remote, code execution

advisories | CVE-2023-36661, CVE-2024-21887, CVE-2024-21893

SHA-256 | 517cb3bdebea0c5e8bc6b809e873babc0faf56250fbc150da2e1a5d269f4e7b7

Download | Favorite | View

Ubuntu Security Notice USN-6274-1

Posted Aug 4, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6274-1 - Jurien de Jong discovered that XMLTooling did not properly handle certain KeyInfo element content within an XML signature. An attacker could possibly use this issue to achieve server-side request forgery.

tags | advisory

systems | linux, ubuntu

advisories | CVE-2023-36661

SHA-256 | 19e79cbe903a0246e94a3fa323db69d8e7a0eaca4f93fad7e0207bf2f9ff311d

Download | Favorite | View